Please disable the SELinux execstack/relro checks before FC5 final
Arjan van de Ven
arjan at fenrus.demon.nl
Fri Feb 17 20:14:29 UTC 2006
> Another question is what domains are in view here, e.g. all domains
> (such that allow_execstack permits execstack to every process rather
> than just unconfined processes) or just unconfined_t (so that confined
> daemons remain protected even if allow_execstack is enabled)?
right now I fear the only sane answer is "set all to permissive
behavior"; the minimum for fc5 would be everything that can do plugins
of any kind, or uses libraries that tend to get replaced (3D ones ;).
But that ends up being a whole whopping lot...
I really wish the user notification/config thing existed, but that will
take time to get right for sure...
More information about the fedora-devel-list
mailing list